Setting a Traffic Scrubbing Threshold to Intercept Attack Traffic
Anti-DDoS automatically enables defense against DDoS attacks for public IP addresses on Huawei Cloud (Huawei Cloud EIPs).
You can configure an Anti-DDoS defense policy in either of the following ways:
- Use the default protection policy.
The default protection policy is an initial policy and takes effect for all newly purchased EIPs. The default traffic scrubbing threshold is 120 Mbit/s and can be modified.
- Manually set a protection policy.
You can manually set protection policies for your public IP addresses in batches or one by one. The default protection policy will no longer be used for public IP addresses for which protection policies have been manually configured.
Manually Setting a Default Protection Policy
- Log in to the Anti-DDoS console.
- Select the Public IP Addresses tab and click Set Default Protection Policy.
- Set the traffic cleaning threshold based on the site requirements, as shown in Figure 1.
Table 1 Parameter description Parameter
Description
Traffic Cleaning Threshold
Anti-DDoS scrubs traffic when detecting that the incoming traffic of an IP address exceeds the threshold.
The default protection rate is 120 Mbit/s. You can manually set more protection levels.
NOTE:- The traffic scrubbing threshold should be selected based on the service bandwidth and is irrelevant to the specific defense policy. If the threshold is set significantly lower than the actual service bandwidth, false alarms may be generated. Conversely, if the threshold is set much higher than the actual service bandwidth, some attacks might not be effectively defended against. Therefore, you are advised to choose a value as close as possible to the actual service bandwidth but not greater than the purchased bandwidth.
- If service traffic triggers scrubbing, only attack traffic is intercepted. If service traffic does not trigger scrubbing, no traffic is intercepted.
- Click OK.
After you set the default protection policy, the newly purchased public IP addresses are protected based on the configured policy.
Configuring Protection Policies for a Specified EIP
- Log in to the Anti-DDoS console.
- On the Public IP Addresses tab page, select a setting method based on the site requirements.
- To configure protection policies for multiple public IP addresses, select multiple public IP addresses and choose Set Protection in the upper part of the page.
Figure 2 Configuring protection policies in batches
- To configure a protection policy for a single public IP address, in the row containing the desired public IP address, choose Set Protection.
Figure 3 Configuring a protection policy for a public IP address
- To configure protection policies for multiple public IP addresses, select multiple public IP addresses and choose Set Protection in the upper part of the page.
- Set the Traffic Cleaning Threshold based on the site requirements.
Figure 4 Configuring a protection policy
Table 2 Parameters for configuring a protection policy Parameter
Description
Traffic Cleaning Threshold
Anti-DDoS scrubs traffic when detecting that the incoming traffic of an IP address exceeds the threshold.
You can set the traffic cleaning threshold based on your service traffic. Set the threshold to a value closest to the purchased bandwidth but not greater than the purchased bandwidth.
The default protection rate is 120 Mbit/s. You can manually set more protection levels.
NOTE:- If service traffic triggers scrubbing, only attack traffic is intercepted. If service traffic does not trigger scrubbing, no traffic is intercepted.
- Set this parameter based on the actual service access traffic. You are advised to set a value closest to, but not exceeding, the purchased bandwidth.
- Then, click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
